Return-Path: Delivered-To: apmail-geronimo-user-archive@www.apache.org Received: (qmail 92407 invoked from network); 21 Oct 2008 19:32:13 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 21 Oct 2008 19:32:13 -0000 Received: (qmail 92253 invoked by uid 500); 21 Oct 2008 19:32:13 -0000 Delivered-To: apmail-geronimo-user-archive@geronimo.apache.org Received: (qmail 92227 invoked by uid 500); 21 Oct 2008 19:32:13 -0000 Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: user@geronimo.apache.org List-Id: Delivered-To: mailing list user@geronimo.apache.org Received: (qmail 92216 invoked by uid 99); 21 Oct 2008 19:32:13 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Oct 2008 12:32:13 -0700 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=SPF_PASS,WHOIS_MYPRIVREG X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of weberjn@gmail.com designates 209.85.134.191 as permitted sender) Received: from [209.85.134.191] (HELO mu-out-0910.google.com) (209.85.134.191) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Oct 2008 19:31:02 +0000 Received: by mu-out-0910.google.com with SMTP id i10so2238580mue.5 for ; Tue, 21 Oct 2008 12:31:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=fDfUyC42Kly85JAzI8CsgKe/8l3vIQjvjZ4x4o6EA2g=; b=X0GtrW5MwksZaOfrTA0LZN3oHwWWVXV84B+GIJDeqGDGLqu5ZGLpNAGSi2GogpTAe0 2hYuUwYQpFeOxPlBXjy1uy52boBsQ+A8gskKoOPsJmMq0Td9a/Rplt/myOYcRovwr9Jf qXTWQp165XZZk6H/bti4f4iF2v4DNJVaHb8W4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=ORhpqeG4AadQoW3YWD0aL6xw2/V6VqxQga3kpBmWwL8H4sq9eeeKnCt4yX1QpzznlR QW26K1VyqJzmGfYcD3CcQ3n2CEcaYMPUTysWMjo9tcK6R5a4iNFSAtUCRFUQCC6gYjDh 251TeLW5hr24SEUz+BiXYbTUORLZcUXwpcTrg= Received: by 10.181.204.4 with SMTP id g4mr1271134bkq.114.1224617490181; Tue, 21 Oct 2008 12:31:30 -0700 (PDT) Received: by 10.67.40.16 with HTTP; Tue, 21 Oct 2008 12:31:30 -0700 (PDT) Message-ID: <1964cfb60810211231t6f99559cg3b0452bfd5f91790@mail.gmail.com> Date: Tue, 21 Oct 2008 21:31:30 +0200 From: "Juergen Weber" To: user@geronimo.apache.org Subject: Re: Where to store secret EJB properties? In-Reply-To: <5014DFE5-D94C-499A-BCE3-91AD0639D7DB@yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20094408.post@talk.nabble.com> <5014DFE5-D94C-499A-BCE3-91AD0639D7DB@yahoo.com> X-Virus-Checked: Checked by ClamAV on apache.org David, thanks so far, "Locating your application specific configuration files" is a step in the right direction. This helps in organizing property files, which is better than directly loading them from the file system. I also was looking for a way to enhance the @Resource injection system. Now it would be great if one could use a SystemPropertiesGBean to inject @Resource into an EJB... thanks, Juergen On Tue, Oct 21, 2008 at 7:42 PM, David Jencks wrote: > > On Oct 21, 2008, at 9:38 AM, Juergen Weber wrote: > >> >> The canonical way to have properties for EJBs is IMHO to use >> in >> ejb-jar.xml and have them injected via @Resource. >> ejb-jar.xml are like source and in source control and are put in the >> ejb.jar >> by ant. >> Obviously this is not a good idea for passwords. >> >> Is there a way to save properties via the Geronimo Console (or deployer) >> and >> have them injected via @Resource? >> I guess properties in .properties in a .jar cannot be injected, can they? >> >> Could this be done via javax.naming.spi.ObjectFactory as suggested in the >> comment here: >> http://www.jroller.com/agoncal/entry/configure_your_ejb_3_with#comments > > I'm sure that wouldn't work in geronimo naming (e.g. in a web app in > geronimo, which only uses geronimo naming stuff) and doubt openejb has a way > to make it work (IIRC openejb does some of its own jndi setup). I also > don't see how this would conceal the secrets. Wouldn't they now be in the > source code of the ObjectFactory class? > > I can think of a couple approaches that you might find suitable. One is > having an application specific data file as explained here: > http://cwiki.apache.org/GMOxDOC21/locating-your-application-specific-configuration-files.html. > This also hints at the other, using a system property to store the secret, > set up with a SystemPropertiesGBean in the geronimo plan for your app. In > this case however I would advise: > > - use maven :-) > - deploy your app as a geronimo plugin using the car-maven-plugin > - include a config.xml snippet in the geronimo-plugin.xml (generated from > the car-maven-plugin configuration) > - set up the property value as a config-substitutions.properties variable. > > Now you can either set the secret directly in > var/config/config-substitutions.properties or on the command line, e.g. with > gshell > geronimo/start-server -G mySecret=foo > > hope this helps > david jencks > >> >> >> Thanks, >> Juergen >> -- >> View this message in context: >> http://www.nabble.com/Where-to-store-secret-EJB-properties--tp20094408s134p20094408.html >> Sent from the Apache Geronimo - Users mailing list archive at Nabble.com. >> > >